Page MenuHome GnuPG
Feed Advanced Search

Jan 28 2022

aheinecke triaged T5805: Kleopatra or GnuPG: Auto retrieve signers key as Normal priority.
Jan 28 2022, 9:28 AM · gnupg, kleopatra, Restricted Project

Jan 18 2022

werner changed the status of T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) from Resolved to Wontfix.

vitusb: We had this discussion on cryptography@ years ago. No need to start it again - or well, try it over there. This is a bug tracker and not a discussion forum.

Jan 18 2022, 7:20 PM · Not A Bug, gpg4win, gnupg
aheinecke added a comment to T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs).

These curves are not the default in the compliance mode "gnupg" only if you explicitly switch to the BSI defined "VS-NfD" mode they become default.

Jan 18 2022, 8:26 AM · Not A Bug, gpg4win, gnupg

Jan 17 2022

vitusb added a comment to T5783: All s2k hardenings silently ignored when exporting private keys.

Sending a private key with just the local protection is not a good idea.

Jan 17 2022, 6:11 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
vitusb added a comment to T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs).

Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.

Jan 17 2022, 5:41 PM · Not A Bug, gpg4win, gnupg
werner closed T5783: All s2k hardenings silently ignored when exporting private keys as Resolved.

Sending a private key with just the local protection is not a good idea. It is better to export the key and then send it in an encrypted mail - for example in symmetric mode with a strong password.

Jan 17 2022, 10:48 AM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
werner closed T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) as Resolved.

Please no holy wars on the type of curves. NIST as its opinon, Europe has its opinion, DJB has of course a different opinion. Please use the the cryptography ML for such political/technical discussions.

Jan 17 2022, 10:43 AM · Not A Bug, gpg4win, gnupg
werner changed the edit policy for T5783: All s2k hardenings silently ignored when exporting private keys.
Jan 17 2022, 10:39 AM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
werner changed the edit policy for T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs).
Jan 17 2022, 10:36 AM · Not A Bug, gpg4win, gnupg

Jan 16 2022

vitusb renamed T5783: All s2k hardenings silently ignored when exporting private keys from All s2k hardenings silently ignored when doin an export of private keys to All s2k hardenings silently ignored when exporting private keys.
Jan 16 2022, 2:10 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg
vitusb raised the priority of T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) from High to Needs Triage.
Jan 16 2022, 12:26 PM · Not A Bug, gpg4win, gnupg
vitusb raised the priority of T5783: All s2k hardenings silently ignored when exporting private keys from High to Needs Triage.
Jan 16 2022, 12:25 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg

Jan 15 2022

vitusb triaged T5784: Prioritization of weak Brainpool-Curves, when de-vs aka VS-NfD mode is activated (compliance de-vs) as High priority.
Jan 15 2022, 3:53 PM · Not A Bug, gpg4win, gnupg
vitusb triaged T5783: All s2k hardenings silently ignored when exporting private keys as High priority.
Jan 15 2022, 3:12 PM · Not A Bug, gpgagent, OpenPGP, gpg4win, gnupg

Jan 14 2022

aheinecke triaged T5778: Wish to add a generic comment or hint to encrypted data as Wishlist priority.
Jan 14 2022, 9:53 AM · gnupg, Restricted Project

Jan 11 2022

Saturneric claimed T5598: AppImage of gpg.

I found this post when I was searching everywhere for a solution, and I was delighted. I've recently been trying to upload GpgFrontned in the Apple Store vs Microsoft and I'm having some trouble.

Jan 11 2022, 9:13 PM · AppImage, gnupg, Restricted Project, Feature Request

Jan 10 2022

aheinecke triaged T5768: Dirmngr: Use windows proxy settings if system proxy settings should be used as Normal priority.
Jan 10 2022, 4:24 PM · Feature Request, gnupg, Restricted Project

Dec 23 2021

werner triaged T5749: Ed25519: Signature (R,S), where S=0 is possible for EdDSA as Low priority.

The odds for this case are infinitesimal so this should not have high priority. I consider this only a code-is-as-specified thing.

Dec 23 2021, 8:50 AM · gnupg

Dec 22 2021

gniibe updated the task description for T5749: Ed25519: Signature (R,S), where S=0 is possible for EdDSA.
Dec 22 2021, 12:11 PM · gnupg
gniibe created T5749: Ed25519: Signature (R,S), where S=0 is possible for EdDSA.
Dec 22 2021, 12:10 PM · gnupg

Dec 20 2021

werner added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

We can even remove the hexfingerrprint call. Will go into 2.3.4. Thanks.

Dec 20 2021, 10:18 PM · Restricted Project, Bug Report, gnupg (gpg23)
gniibe added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

So, this is the patch. Note that this is for master.

diff --git a/g10/keygen.c b/g10/keygen.c
index 7f15027a2..a452ab6d6 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5619,7 +5619,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
           pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
Dec 20 2021, 11:37 AM · Restricted Project, Bug Report, gnupg (gpg23)
werner added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

The use of register_trusted_key in do_generate_keypair was a dirty hack utilizing a bug in --trusted-key ; it would be better to set the key as ultimately trusted.

Dec 20 2021, 7:29 AM · Restricted Project, Bug Report, gnupg (gpg23)
gniibe added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

I think that the change for T5685 introduced the issue.

Dec 20 2021, 3:32 AM · Restricted Project, Bug Report, gnupg (gpg23)
gniibe added a comment to T5685: Clear stale --trusted-key records from the trustdb.
Dec 20 2021, 3:31 AM · gnupg

Dec 19 2021

vsajip updated the task description for T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.
Dec 19 2021, 8:04 PM · Restricted Project, Bug Report, gnupg (gpg23)
vsajip added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

Okay, sorry. In the first two cases (encryption), GnuPG 2.2.33 generates

[GNUPG:] INV_RECP 10 F3C987C36C5C6343C9A5D5A1A3F494F6028E4866
[GNUPG:] FAILURE encrypt 53
gpg: [stdin]: encryption failed: Unusable public key

and exits with error code 2, whereas 2.2.32 doesn't display these messages and exits with return code 0.

Dec 19 2021, 7:59 PM · Restricted Project, Bug Report, gnupg (gpg23)
werner added a comment to T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.

Please be so kind and describe the regressions you see. 3 log files from your software are not very helpful.

Dec 19 2021, 4:10 PM · Restricted Project, Bug Report, gnupg (gpg23)
vsajip renamed T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG from Apparent regressions between 2.2.30 and 2.2.33 of GnuPG to Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.
Dec 19 2021, 3:18 PM · Restricted Project, Bug Report, gnupg (gpg23)
vsajip created T5742: Apparent regressions between 2.2.32 and 2.2.33 of GnuPG.
Dec 19 2021, 2:33 PM · Restricted Project, Bug Report, gnupg (gpg23)

Dec 10 2021

werner closed T5726: Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages as Resolved.

The first is a warning and the other error codes are exactly what we want.

Dec 10 2021, 1:53 PM · Not A Bug, libgcrypt, gnupg

Dec 9 2021

Jakuje created T5726: Setting "compliance de-vs" in gpg.conf with libgcrypt 1.9.0 and newer causes confusing error messages.
Dec 9 2021, 5:33 PM · Not A Bug, libgcrypt, gnupg

Nov 25 2021

werner closed T5705: GnuPG: System wide configuration ignored when gpg.conf-2 exists as Resolved.

Not a bug but a limitation of 2.2's option listing: In contrast to 2.3 we can't *show* the used options via gpgconf correcly if there is a conflict between global and local options. However, the actually *used* values are different and correct according to the config. In particular a global forced option overrides any local or command line option.

Nov 25 2021, 4:11 PM · Not A Bug, gnupg, Restricted Project
werner added a project to T5705: GnuPG: System wide configuration ignored when gpg.conf-2 exists: gpgrt.
Nov 25 2021, 2:56 PM · Not A Bug, gnupg, Restricted Project
aheinecke triaged T5705: GnuPG: System wide configuration ignored when gpg.conf-2 exists as Normal priority.
Nov 25 2021, 2:54 PM · Not A Bug, gnupg, Restricted Project
gniibe reopened T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Open.
Nov 25 2021, 6:14 AM · gnupg, Restricted Project, gpgagent, Bug Report

Nov 23 2021

werner closed T5120: Incompatible Ed25519 secret key (no-encryption), a subtask of T5114: GnuPG fails to import back generated and exported EdDSA secret key., as Resolved.
Nov 23 2021, 9:15 AM · gnupg, Restricted Project, gpgagent, Bug Report
werner changed the status of T5598: AppImage of gpg from Open to Testing.
Nov 23 2021, 9:03 AM · AppImage, gnupg, Restricted Project, Feature Request
werner added a comment to T5598: AppImage of gpg.

No, too much release work. Better just one AppImage. Or well one VSD (based on 2.2) and one regular (based on 2.3)

Nov 23 2021, 9:02 AM · AppImage, gnupg, Restricted Project, Feature Request

Nov 22 2021

ikloecker placed T5598: AppImage of gpg up for grabs.

Not sure if we want a separate AppImage for gpg & Co. Setting priority to "Needs Triage".

Nov 22 2021, 11:40 AM · AppImage, gnupg, Restricted Project, Feature Request

Nov 17 2021

kwinz added a comment to T1621: Support multiple cards (not just readers).

@werner That is not helpful. I tried 4 or 5 different readers. And the Reiner SCT cyberjack is the one that works best out of all of them on both Windows and Linux.

Nov 17 2021, 11:03 PM · gnupg, Feature Request

Nov 13 2021

werner closed T5685: Clear stale --trusted-key records from the trustdb as Resolved.
Nov 13 2021, 9:03 PM · gnupg
werner triaged T5685: Clear stale --trusted-key records from the trustdb as Normal priority.
Nov 13 2021, 8:13 PM · gnupg

Nov 12 2021

werner added a comment to T1621: Support multiple cards (not just readers).

Do not user Reiner SCT those readers are all buggy and work only on Windows - if at all. Stay away from them and get a real reader and not the incompatible broken stuff from that company. I spent way too much time trying to get those readers working. That time is better invested in support for hardware which is standard compatible or are helpful to get stuff running.

Nov 12 2021, 12:36 PM · gnupg, Feature Request
kwinz added a comment to T1621: Support multiple cards (not just readers).

Some more info: OpenVPN does not care about the second reader only gnupg agent is sensitive to what is present when it is started. So a workaround that I just found is to disable the Virtual Smartcard reader first so that only the ReinerSCT smartcard reader with an OpenPGP V3.4 card is present. Make sure to open an SSH connection. Then reconnect the second reader. And reconnect to VPN. After the PIN for the OpenPGP V3.4 card is already cached and a connection to the card established I can also open more SSH connections with the second reader attached and disconnect and reconnect the VPN as I want.
Even removing the smartcard from the ReinerSCT reader and plugging it back in works and I can still authenticate with new SSH tunnels and both readers present. So it seems it is actually only important which readers are present when the agent connects for the first time.
So this is a practical woraround. Although disabling the TPM backed reader temporarily needs Admin rights and is really janky.

Nov 12 2021, 10:41 AM · gnupg, Feature Request
kwinz added a comment to T1621: Support multiple cards (not just readers).

I am on Windows 10 21H1 and I using gnupg-w32-2.3.3_20211012 from here [1]
Together with win-gpg-agent, which extends gnupg to play nicely with Windows sockets. [2]

Nov 12 2021, 10:23 AM · gnupg, Feature Request

Nov 10 2021

ikloecker added a comment to T5598: AppImage of gpg.

I compiled the Appimage with the scripts in Gpg4win and it runs Kleopatra and works :-)

Nov 10 2021, 6:18 PM · AppImage, gnupg, Restricted Project, Feature Request
aheinecke added a comment to T5598: AppImage of gpg.

I compiled the Appimage with the scripts in Gpg4win and it runs Kleopatra and works :-)

Nov 10 2021, 12:31 PM · AppImage, gnupg, Restricted Project, Feature Request

Nov 2 2021

werner added a comment to T1621: Support multiple cards (not just readers).

Tehre has never been an option "shared-access" in GnuPG. At least not in upstream. In general we suggest the use of the interal ccid driver, but if you want PC/SC you need to use disable-ccid-driver. This is because 2.3 does not feature an automatic fallback to PC/SC anymore. Using pcsc-shared with OpenPGP cards can lead to surprising effects. You may want to try Scute as PCKSC#11 access module.

Nov 2 2021, 8:54 AM · gnupg, Feature Request

Oct 31 2021

sjlongland added a comment to T1621: Support multiple cards (not just readers).

So, I have something working… in the apparent absence of any sort of clear documentation that I could find. I had some time on my hands this afternoon, so had another look.

Oct 31 2021, 7:08 AM · gnupg, Feature Request

Oct 19 2021

bernhard added a comment to T4249: No connection to Keyserver possible.

This has not been set high on the priorities, because keyserver access works for most with Gpg4win (and thus GnuPG) on windows. A recent exception has been occurred about a month ago with Let's encrypt expired root certificate. So currently for Gpg4win 3.1.16 you need to update to a newer GnuPG (Version 2.2.32 at time of writing), by installing the simple installer,e.g. https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.32_20211006.exe

Oct 19 2021, 10:57 AM · gnupg, dirmngr, Bug Report, gpg4win

Oct 11 2021

onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Fix for this issue landed RNP master, and will be included to the RNP v0.16.0 release.
Within fix:

  • new keys will be generated with correctly tweaked bits
  • using secret key with non-tweaked bits would issue a warning
  • CLI command --edit-key [--check-cv25519-bits | --fix-cv25519-bits] added, allowing to fix older key
Oct 11 2021, 12:35 PM · Support, gnupg, OpenPGP

Oct 10 2021

werner closed T3412: gpg-agent manual page says to always add GPG_TTY to `.bashrc` as Resolved.
Oct 10 2021, 7:02 PM · Not A Bug, gnupg
calestyo added a comment to T5646: indicate wrong passphrase via exit status.

I did in fact check --status-fd before, but I'm not sure whether it gives me the information I wanted.

Oct 10 2021, 5:12 PM · gnupg, FAQ
werner closed T5646: indicate wrong passphrase via exit status as Resolved.

Please use the --status-fd interface. This yields all the info you need. An exit code is not distinct enough for such purpose and you need to check the status lines in any case. For scripting gpgme-tool or gpgme-json might be useful as well because they do all the nitty-gritty parts of using gpg correctly

Oct 10 2021, 4:15 PM · gnupg, FAQ

Oct 8 2021

onickolay added a comment to T3795: Failure to decrypt file, encrypted with multiple passwords.

Argh, sorry for bugging. Clearing comment out - I simply missed fact that my tests are run with random messages, so with 5% probability another password will be interpreted as 'good' for the first SKESK.

Oct 8 2021, 12:23 PM · Bug Report, gnupg

Sep 29 2021

bernhard added a comment to T3893: Timeout for receive-keys.

In my understanding, it should be possible to wait for the gpg command pipe from a different process and then terminate the connection on a timeout, kllling the process eventually. So the Enigmail side could implement something. These days I'm not sure what Enigmail uses for OpenPGP support. Thunderbird has moved on to a different implementation and Enigmail stops supporting Thunderbird 68 in two days https://www.enigmail.net/index.php/en/home/news/71-2021-08-31-end-of-support-for-thunderbird

Sep 29 2021, 4:12 PM · Enigmail, FAQ, gnupg
calestyo added a comment to T5594: some possible minor things in the manpage.

Well, as I've said in the comment above, there doesn't seem to be any correction towarads --passphrase-fd not requiring --pinentry-mode loopback (still works withou)... and --no-default-keyring still gives the impression that it would be needed (while --no-keyring works as well).

Sep 29 2021, 12:01 AM · Documentation, gnupg, Bug Report

Sep 28 2021

werner triaged T5594: some possible minor things in the manpage as Low priority.

Please don't, if you really feel like tha tis not resolved please re-open this ticket.

Sep 28 2021, 11:03 PM · Documentation, gnupg, Bug Report
calestyo added a comment to T5594: some possible minor things in the manpage.

@werner shall I open a new ticket for the remaining stuff?

Sep 28 2021, 7:26 PM · Documentation, gnupg, Bug Report
ikloecker added a comment to T5599: Make gpg use the helpers baked into its AppImage.

Works if one puts

rootdir = $APPDIR/usr

in the gpgconf.ctl file.

Sep 28 2021, 9:46 AM · gnupg, Restricted Project, Feature Request

Sep 27 2021

gniibe closed T5568: Use sigdescr_np instead of (deprecated) sys_siglist as Resolved.
Sep 27 2021, 3:24 AM · gnupg

Sep 23 2021

aheinecke triaged T5620: GnuPG, pinentry: Passphrase pattern error / warning does not match new logic as Normal priority.
Sep 23 2021, 12:15 PM · gnupg, Restricted Project

Sep 21 2021

amit added a comment to T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.

I'm not really sure which version it worked with earlier. This yubikey setup is quite old now, and I've not signed keys recently. I think the last I signed were at least 2 yrs back, hence the very vague allusion to the setup working previously. Apologies, no definite answer there.

Sep 21 2021, 6:56 PM · Support, Info Needed, gnupg (gpg22)

Sep 20 2021

masteru341 added a comment to T5608: Encryption using python for international characters not working properly.
  1. >>gpg2 --version

gpg (GnuPG) 2.0.30 (Gpg4win 2.3.3)
libgcrypt 1.6.6

Sep 20 2021, 7:50 PM · gnupg (gpg20), Too Old, Python, Bug Report
werner added a comment to T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.

@amit: Do you say it used to work with GnuPG 2.2.27 or did it worked with an older version?

Sep 20 2021, 7:43 PM · Support, Info Needed, gnupg (gpg22)
werner added projects to T5608: Encryption using python for international characters not working properly: gnupg, Python.

Which gpg version?
Which Python library? (gnupg is pretty generic)
How does the Python library call gpg?
Are you aware that gpg uses utf8 and not Windows Unicode?

Sep 20 2021, 7:40 PM · gnupg (gpg20), Too Old, Python, Bug Report
William updated the task description for T5609: keydb_get_keyblock failed with cv448 key .
Sep 20 2021, 6:22 PM · Restricted Project, OpenPGP, gnupg (gpg23)
William created T5609: keydb_get_keyblock failed with cv448 key .
Sep 20 2021, 6:20 PM · Restricted Project, OpenPGP, gnupg (gpg23)
ikloecker added a comment to T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.

When you sign data, then the signing subkey is used

ssb>  rsa4096/0xEB0B4DFC657EF670 2016-04-01 [S]
Sep 20 2021, 6:15 PM · Support, Info Needed, gnupg (gpg22)
amit added a comment to T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.

Just noting that the logs were captured by enabling debug logs for the agent:

eval $(gpg-agent --daemon --debug-all --log-file /var/tmp/gpgagent.log)
Sep 20 2021, 5:16 PM · Support, Info Needed, gnupg (gpg22)
amit created T5607: Fingerprint signing fails with 'gpg: signing failed: No secret key'.
Sep 20 2021, 5:15 PM · Support, Info Needed, gnupg (gpg22)
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks for clarification, indeed attempt to decrypt data returns an error afterwards.

Sep 20 2021, 4:19 PM · Support, gnupg, OpenPGP
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Well, while importing you get the warning:

Sep 20 2021, 4:08 PM · Support, gnupg, OpenPGP
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Yes, for migration from GnuPG 2.0 reasons, a batch import delays the key checking (i.e. converting from OpenPGP to GnuPG internal format) to the first use. Thus you don't see an error immediately. But if you encrypt something , you won't be able to decrypt it again:

Sep 20 2021, 4:00 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks, Werner.
During further work on this got another issue:

Sep 20 2021, 3:48 PM · Support, gnupg, OpenPGP

Sep 17 2021

werner added a comment to T5599: Make gpg use the helpers baked into its AppImage.

The actual patch is rGd4768bb982adb5c8410303334ee8d82ba0d71f3b (our parser in dev.gnupg.org missed to pick up the bug-id due to teh use of scissor lines in the commit message).

Sep 17 2021, 5:58 PM · gnupg, Restricted Project, Feature Request
calestyo added a comment to T5594: some possible minor things in the manpage.

The changes do not seem to touch anything I've mentoned in (1)?

Sep 17 2021, 2:59 PM · Documentation, gnupg, Bug Report
mid-kid added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

I see, I wasn't aware of this. Thanks for fixing!

Sep 17 2021, 12:22 PM · qt, pinentry, gnupg
werner closed T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt as Resolved.

Thanks for commenting. I close this bug then.

Sep 17 2021, 8:07 AM · qt, pinentry, gnupg

Sep 16 2021

gouttegd added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

Your proposed fix (in your first comment) has actually already been applied (commit 1305baf0994059f458b1d5ca28a355c12932fab3 in master, backported to the -2.2 branch in 455ba49071dea7588c9de11785b3092e45e4560b). It is part of gnupg-2.2.31 released today. :)

Sep 16 2021, 11:11 PM · qt, pinentry, gnupg
mid-kid added a comment to T5551: gpg-agent: DISPLAY is not set when calling pinentry-qt.

The Qt upstream bug report has just been rejected. I hope something can be done here...

Sep 16 2021, 4:31 PM · qt, pinentry, gnupg
werner claimed T5599: Make gpg use the helpers baked into its AppImage.
Sep 16 2021, 11:23 AM · gnupg, Restricted Project, Feature Request
werner added a comment to T5598: AppImage of gpg.

Some quick ideas: On Windows we have envvars (and APIs) to determine certain locations. There is also the registry. We use of all them. IT would be best to do this simalar on Unix. We also have a control file on Windows which switches to that portable mode; maybe it is best to do this also on Unix - A text file installed alongside gpg which gpg (common/homedir.c) uses to enable the use of certain envvars to locate the root etc..

Sep 16 2021, 10:05 AM · AppImage, gnupg, Restricted Project, Feature Request

Sep 15 2021

ikloecker created T5599: Make gpg use the helpers baked into its AppImage.
Sep 15 2021, 1:29 PM · gnupg, Restricted Project, Feature Request
ikloecker added a comment to T5598: AppImage of gpg.

One challenge of the AppImage is how to make gpg and its helpers use the helpers baked into the AppImage. Currently, everything is built with prefix /build/AppDir/usr. This causes

gpg: failed to start agent '/build/AppDir/usr/bin/gpg-agent': No such file or directory

unless gpg finds an already running agent.

Sep 15 2021, 1:25 PM · AppImage, gnupg, Restricted Project, Feature Request
ikloecker triaged T5598: AppImage of gpg as High priority.
Sep 15 2021, 9:29 AM · AppImage, gnupg, Restricted Project, Feature Request

Sep 14 2021

werner closed T5594: some possible minor things in the manpage as Resolved.
Sep 14 2021, 3:16 PM · Documentation, gnupg, Bug Report
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks. I meanwhile pushed a fix to 2.3 so that a warning is shown if the low bits are set.

Sep 14 2021, 3:01 PM · Support, gnupg, OpenPGP
onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Thanks for the replies, this makes things clear. We'll update RNP to correctly set/unset those bits while saving a generated secret key and a way to fix up previously generated keys.

Sep 14 2021, 2:18 PM · Support, gnupg, OpenPGP
werner added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

Right, as long as there is only one format in widespread use (based on a long existing 4880bis draft) only this format should go over the wire.
Thus, it is a matter how the key is exported. In cryptography you should never have several options - one clearly defined format is what you want. We have had enough trouble with PGP5 peculiarities but in that case their implementation had more users and thus GnuPG had to work around it. Not good, but there was no standard at all at this time.

Sep 14 2021, 11:14 AM · Support, gnupg, OpenPGP
gniibe added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@onickolay No sorry needed. It was me, who cannot answer promptly.

Sep 14 2021, 9:23 AM · Support, gnupg, OpenPGP

Sep 13 2021

onickolay added a comment to T5464: Failure to import Curve25519 ECDH secret subkey to the GnupG..

@gniibe sorry for pinging, but this issue gets attention as TB users (with RNP OpenPGP backend) cannot import to GnuPG EdDSA secret key which was generated by RNP since it doesn't tweak bits when storing or exporting a secret key.
Should we update RNP to tweak those bits during storage to be more compatible (given that those bits doesn't make any difference)?

Sep 13 2021, 11:36 AM · Support, gnupg, OpenPGP
werner added a comment to T5594: some possible minor things in the manpage.

Yes, --no-keyring should enough for the subset of gpg commands which do not need keys.

Sep 13 2021, 9:37 AM · Documentation, gnupg, Bug Report

Sep 12 2021

sjlongland added a comment to T1621: Support multiple cards (not just readers).

GnuPG stable (i.e. 2.3.2) has full support for several readers and tokens. This won't be backported to the LTS versions (2.2), though. Better switch.

Sep 12 2021, 4:24 AM · gnupg, Feature Request

Sep 11 2021

werner added a comment to T1621: Support multiple cards (not just readers).

GnuPG stable (i.e. 2.3.2) has full support for several readers and tokens. This won't be backported to the LTS versions (2.2), though. Better switch.

Sep 11 2021, 11:16 AM · gnupg, Feature Request
sjlongland added a comment to T1621: Support multiple cards (not just readers).

I've recently acquired two Yubikeys: one Yubikey 5 NFC from my workplace, and shortly after, I bought a Yubikey 5C for my own personal keys… both security tokens have _different_ keys on them. (There are some questions being asked regarding the use of the same GnuPG key duplicated on separate smartcards; this is a different case).

Sep 11 2021, 1:35 AM · gnupg, Feature Request

Sep 8 2021

werner added projects to T5594: some possible minor things in the manpage: gnupg, Documentation.
Sep 8 2021, 6:53 PM · Documentation, gnupg, Bug Report

Sep 3 2021

bluepost added a comment to T5585: Passphrase File Carriage Return New Line \r\n Issue in Windows.

I think the behavior makes perfect sense for Unix but the default delimiter for .txt in Windows is \r\n.

Sep 3 2021, 8:19 PM · Documentation, gnupg, Bug Report
ikloecker added a comment to T5585: Passphrase File Carriage Return New Line \r\n Issue in Windows.

The OP wants to do symmetric encryption. This isn't about the passphrase that protects a key.

Sep 3 2021, 9:57 AM · Documentation, gnupg, Bug Report